MSIL/Spy.Agent.AUS malicious file

MSIL/Spy.Agent.AUS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware


Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the MSIL/Spy.Agent.AUS virus do?

  • Creates RWX memory
  • The binary likely contains encrypted or compressed data.
  • Uses Windows utilities for basic functionality
  • Deletes its original binary from disk
  • Installs itself for autorun at Windows startup
  • Creates a hidden or system file

How to identify MSIL/Spy.Agent.AUS?


File Info:

crc32: 3EEDED85
md5: 39f15e1f1cd7fd2ab1d7f0cd2d7ada94
name: Scan Copy26042018,JPEG.exe
sha1: 6f0f88b28b0e06970306cb94cb3acf04a3a71973
sha256: b27c248040351b85f805c45a12dd85396824a1a3388225138d46924a9edd3788
sha512: 1b586bb83ff72e6ac6a00d522d259fc80c1d7c357586fef635a008da29ee4606229b8edc3b3f9eff47717cb184f5ed1f9e48c8a7172e254077742c3d7a04678b
ssdeep: 24576:wyVdOxLFDApSPKk48q506nH9ixFYGSKysohjfksmB50vWhM:3ViLFssPH48Pkitys1xHeWh
type: PE32 executable (GUI) Intel 80386, for MS Windows, MS CAB-Installer self-extracting archive

Version Info:

LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: Wextract
FileVersion: 8.00.7600.16385 (win7_rtm.090713-1255)
CompanyName: Microsoft Corporation
ProductName: Windows® Internet Explorer
ProductVersion: 8.00.7600.16385
FileDescription: Win32 Cabinet Self-Extractor
OriginalFilename: WEXTRACT.EXE .MUI
Translation: 0x0409 0x04b0

MSIL/Spy.Agent.AUS also known as:

MicroWorld-eScan: Trojan.GenericKD.30714914
CAT-QuickHeal: Trojan.IGENERIC
McAfee: Artemis!39F15E1F1CD7
Cylance: Unsafe
Zillya: Trojan.Autoit.Win32.40527
K7GW: Trojan ( 0052a64a1 )
K7AntiVirus: Trojan ( 0052a64a1 )
Invincea: heuristic
Symantec: Trojan.Gen.2
TrendMicro-HouseCall: TROJ_GEN.USE418
Paloalto: generic.ml
ClamAV: Win.Malware.Ototi-6591407-0
GData: Trojan.GenericKD.30714914
Kaspersky: Trojan.Win32.Autoit.abqtb
BitDefender: Trojan.GenericKD.30714914
NANO-Antivirus: Trojan.Win32.Generic.ewdpwt
AegisLab: Ml.Attribute.Gen!c
Tencent: Win32.Trojan.Autoit.Lnyf
Ad-Aware: Trojan.GenericKD.30714914
Sophos: Troj/Inject-CAN
F-Secure: Trojan.GenericKD.30714914
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.USE418
McAfee-GW-Edition: BehavesLike.Win32.Dropper.tc
Emsisoft: Trojan.GenericKD.30714914 (B)
SentinelOne: static engine – malicious
Cyren: W32/Trojan.GLMO-4164
Avira: DR/Autoit.muaun
MAX: malware (ai score=97)
Endgame: malicious (moderate confidence)
Arcabit: Trojan.Generic.D1D4AC22
ZoneAlarm: Trojan.Win32.Autoit.abqtb
Microsoft: Trojan:Win32/Skeeyah.A!rfn
AhnLab-V3: Malware/Win32.Generic.C2480156
ALYac: Trojan.GenericKD.30714914
AVware: Trojan.Win32.Generic!BT
VBA32: Trojan.Agentb
Panda: Trj/CI.A
Zoner: Trojan.Advml
ESET-NOD32: MSIL/Spy.Agent.AUS
Rising: Hack.Win32.SpyWare.aa (CLOUD)
Ikarus: Trojan.MSIL.Zyklon
Fortinet: W32/Inject.CAN!tr
AVG: Win32:Malware-gen
Cybereason: malicious.f1cd7f
Avast: Win32:Malware-gen
CrowdStrike: malicious_confidence_90% (D)
Qihoo-360: Win32/Trojan.bb0

How to remove MSIL/Spy.Agent.AUS?

MSIL/Spy.Agent.AUS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
